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Application Nos.: 10/712,396 

^ . Attorney Docket No.: 08971.0005-00 
Outline for Interview 
FOR DISCUSSION PURPOSES ONLY 

I. Objection of Claims 1 -45 and Rejection of Claims 27-29 
A. Claim Amendments - "Processing Unlf 

1 . Claim amendments to replace "processor" with "processing unit" 

2. Support may be found in. for example, paragraphs 027 and 030. 
Roll h SircTiimf ^'-^ Add^^s as 

1. Partridge et al. 

a) Does not disclose a firewall. 

b) Discloses a router forwarding packets Vhich will b© assigned to it bv 
the various interface cards." (5:2-6.) 

2. Mikkonen 

a) Discloses using a router nod© or a firewall node to provide for fault 
tolerance through redundancy. (2:14-43.) 

b) For example, first node Includes redundant inactive interfaces (cards) 
that have the same IP and MAC address as interfaces present on a 
second node. If the second node fails, the first node activates the 
Inactive interfaces. {Id. and 36:32-34). 

3. Bommareddy et at. 

a) Discloses the use of firewall clustering system. (6:13-22.) 

b) "The firewalls perform filtering operations and/or network address 
translation (NAT) services. (6:59-61, 8:61-9:21.) 

(1) NAT used to "modify each packet, changing the destination 
address from its IP address to the actual address of the server 
that is to receive the traffic" and to "modify the 'From' address in 
each packet to create the appearance that the PC load balancer 
sent the packets." (2:38-44.) 
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Application No.: 10/712,396 
Attorney Docket No.: 08971 .0005^00 

1. (Currently Amended) A method for addressing packets in a firewall cluster 
within a single network, the firewall cluster including a plurality of firewall nodes 
comprising one or more nmr^^^Qinr , „nit, the method comprising: 

selecting, from the firewall cluster within the single network, one of the 
firewall nodes for processing a first packed- 
receiving, at a first prooo c cor processing unit associated with the selected 
firewall node, the first packet- 
modifying, by the first prooossor processing unit as a function of a 
multidimensional space for representing addresses processed by a set of data 
prooGesoro mpoessinq units, a first address for the first packet into a second address for 
the first packet, the second address being within a range of addresses assigned only to 
the selected firewall node; and 

fonwarding the first packet based on the second address. 

2, (Original) The method of claim 1 , further comprising: 
using an N-tuple space as the multidimensional space. 

3. (Currently Amended) The method of claim 2, further comprising: 
assigning to the first prooossor processino unit a first region based on the 

N-tuple space. 
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Application No.: 10/712 396 
Attorney Docket No.; 08971.0005-00 
PROPOSED A MENDMENTS TO 7H F CLAIMS 

4. (Original) The method of claim 3, further comprising: 

using the first address, such that the first address represents a point within 
the first region. 



5. (Original) The method of claim 4, further comprising: 

using N address values as the N-tuple, such that the N address values 
represent the point. 

6. (Original) The method of claim 2. further comprising; 

using the N-tupIe space, such that N is equal to a value of at least two. 

7. (Currently Amended) The method of claim 3, further comprising: 
assigning to a second procooo &F processing unit a second region based 

on the N-tuple space, such that the first region is separate from the second region. 

8. (Currently Amended) The method of claim 7, further comprising: 
forwarding, at the second pf©ees6©r processing unit , a second packet with 

the second address determined based on the second region, such that the second 
packet does not conflict with the first packet, 
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Application No.; 10/712,396 
Attorney Docket No.; 08971.0005-00 

FOR UlSCUSSION PURPUi,^^ Qm. v . nrT^J^^,^^^ 

9. (Currently Amended) The method of claim 7. further comprising: 
fon/varding. at the second p^eoessof proceasino unit a second paci<et with 

the second address determined based on the second region, such that the second 
address does not conflict with the first address. 

10. (Currently Amended) A method for addressing packets associated with a 
plurality of pfoe^ssofs processing units, each preeessof processing unit being 
associated with one of a plurality of firewall nodes in a firewall cluster within a single 
network, the method comprising: 

selecting, from the firewall cluster within the single network, one of the 
firewall nodes for processing a packet, the selected firewall node including a first 
prococcor processing unit : 

receiving, at the first procoseor processing unit the packet; 

reading, at the first pfosossGf processing unit , an N-tuple address of the 
received packet; 

determining, by the first pfeeeee^ processing unit , whether the N-tuple 
address is within an N-tupIe space assigned to the first pfocescor processing unit : 

sending the packet with the N-tuple address, when It is determined that 
the N'tuple address is within the N-tuple space assigned to the f iret pfeeesseF 

processing unit : and 
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Application No.: 10/712,396 
Attorney Docket No.: 08971 .0005-00 

determining a modified N-tuple address, when It is determined that the 
N-tuple address is not within the N-tupie space assigned to the first pfooeseof 
processing unit and sending the packet based on the modified N-tuple address, 

1 1 . (Original) The method of claim 10, wherein the reading step further 
comprises: 



reading as the N-tuple address, a plurality of values from the received 



packet. 



1 2. (Original) The method of claim 1 1 , wherein the reading step further 
comprises: 

reading at least a source port. 

1 3. (Currently Amended) The method of claim 1 0, wherein the step of 
determining whether the N^uple address is within the N-tuple space, further comprises: 

detemnining whether the N-tuple address Is within the N-tuple space 
based on a comparison between the N-tuple address of the packet and the N-tupIe 
space assigned to the first procoscof processing unit . 

14. (Currently Amended) The method of claim 10, wherein the step of 
determining whether the N-tuple address is within the N-tuple space, further comprises: 
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Application No,: 10/712,396 
Attorney Docket No.: 08971 .0005-00 

determining whether the N-tuple address of the packet is wfthin the 
N-tupIe space based a quadrant Identifier value, wherein the quadrant identifier value 
corresponds to the first pf:©Gees©f processing unit 

15. (Original) The method of claim 14, wherein the step of determining 
whether the N^uple address of the packet is within the N-tupIo space, further 
comprises: 

determining the quadrant Identifier value based on a hash function. 

1 6. (Original) The method of claim 1 4, wherein the step of determining 
whether the N-tuple address of the packet is within the N-tuple space, further 
comprises; 

detemiining the quadrant identifier value based on a hash function and a 
modulo division. 

1 7. (Currently Amended) The method of claim 1 0. wherein the step of 
determining the modified N-tuple further comprises: 

adding a value to the N-tuple address, such that the modified N-tuple 
address is within the N-tuple space assigned to the first prooooooF processing unit . 

1 8. (Original) The method of claim 14, wherein the step of determining the 
modified N-tuple address further comprises: 

modifying the N-tuple address based on the quadrant identifier value. 
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Attorney Docket No.: 08971 .0005-00 
PROPOSED AMENDMEMT<i rn r up CLAIMfi 

19. (Currently Amended) The method of claim 10, wherein the step of 
sending the packet with the N-tupie address, further comprises: 

sending the packet with the N-tuple address, such that the packet does 
not conflict with another N-tupIe address associated with a second one of the 
prococoQ fB processinn units 



20. (Cancelled). 



21 . (Currently Amended) The method of claim 1 0, further comprising: 
using a computer as the first pf eo es s ef processino unit . 

22. (Currently Amended) The method of claim 10, further comprising: 
using a router as the first prooooo of processing unit . 

23. (Cancelled). 



24. (Currently Amended) A method of addressing packets in a firswal! cluster 
within a singe network, wherein the firewall cluster comprises a set of prococcort 
processing units , each pnDcoecor processing unit being associated with a firewall node, 
the method comprising: 
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PROPOSED AMF NDMENTS TO THF r.t A imp 
FOR DISCUSeinM OMpposES ONLY ■ nn Mi^M^ 

selecting, from the firewall cluster within the single network, one of the 
firewall nodes for processing a packet, the selected firewall node including a first 
p fooesBor processing unit - 

receiving, at the first pfoeessof processinn unit the packet; 

reading, at the first pfOGOssor processing unit , an N-tuple address of the 
received packet; 

detemilning a quadrant identifier based on the read N-tuple address, a 
hash function, and modulo division; 

determining whether the read N-tupl© address corresponds to the first 
prooescor processing unit haaefi on the quadrant identifier; 

sending the packet with the N-tuple address, when the quadrant identifier 
corresponds to the first prooosGor processing unit : and 

determining a modified N-tuple address, when the quadrant identifier does 
not correspond to the first Pfeoeesef processino unit ann sending the packet based on 
the modified N-tuple address. 

25. (Currently Amended) The method of claim 24, further comprising; 

assigning each of the set of ppeeesews processing units a firewall node 

number. 
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PROPOSED AMENDMENTS T Q THE CLAIMS 
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26. (Currently Amended) The method of claim 25, further comprising: 
determining whether the N-tuple address corresponds to the first 

preeeeseF processinq uQ it based on the quadrant identifier and the firewall node 
number. 

27. (Currently Amended) A system for addressing packets in a firewall cluster 
within a single network, the firewall cluster including a plurality of firewall nodes, the 
system comprising: 

means for selecting, from the firewall cluster within the single network, one 
of the firewall nodes for processing a first packet; 

means for receiving, at a first procooo ef processing unit associated with 
the selected firewall node, the first packet; 

means for modifying as a function of a multidimensional space for 
representing addresses processed by a set of data prococDor^? processing units, a first 
address for the first packet into a second address for the first packet, the second 
address being within a range of addresses assigned only to the selected firewall node; 
and 

means for forwarding the first packet based on the second address. 

28. (Currently Amended) A system for addressing packets associated with 
one or more proooecor& prooessino units , each gfe e ee eof pfoceaaina unit being 
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PROPOSED AME NDMENTS TO THE CLAIMS 
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associated with a firewall node in a firewall cluster within a single network, the system 
comprising: 

means for selecting, from the firewall cluster within the single network, one 
of the firewall nodes for processing a packet, the selected firewall node including a first 
proGoscor processing unit : 

means for receiving, at the first pj=©G©s6©f processing unit, the packet; 

means for reading, at the first ^tfoeeesGf processing unit, an N-tuple 
address of the received packet; 

means for determining whether the N-tuple address is within an N-tuple 
space assigned to the first prooooo o f processing unit : 

means for sending the packet with the N-tuple address, when It is 
detennined that the N-tuple address is within the N-tuple space assigned to the first 
prooocGO F processina unit : and 

means for determining a modified N-tuple address, when it Is determined 
that the N-tuple address Is not within the N-tuple space assigned to the first proc occo r 
processing unit and sending the packet based on the modified N-tuple address. 

29. (Currently Amended) A firewall cluster within a single network including 
one or more firewall nodes associated with one or more procoscoro processing untia 
comprising: 
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PROPOSED AMEND MENTS TO THE HI AIMQ 
FOR DISCUSSION PURPOSES ONLY ■ DO NOT ENTER 

means for sefectrng, from the firewall cluster within the single network, 
one of the firewall nodes for processing a packet, the selected firewalJ node including a 
first prococooF processinQ unit : 

means for receiving, at the first pfeeeeeof proceBsina unit , the packet; 
means for reading, at the first prooQeeor procesaino unit, an N^uple 
address of the received packet; 

means for determining a quadrant identifier based on the read N^uple 
address, a hash function, and modulo division; 

means for determining whether the read N-tuple address corresponds to 
the first ^roces eof processing unit based on the quadrant Identifier; 

means for sending the packet with the N-tuple address, when the 
quadrant identifier corresponds to the first proooesor processing unit; and 

means for determining a modified N-tuple address, when the quadrant 
identifier does not corresponds to the first gfeeessef processing unit and sending the 
packet based on the modified N-tuple address. 

30. (Currently Amended) A system Including a firewall cluster within a single 
network Including a plurality of firewall nodes, the firewall nodes being associated with 
one or more prooossoro processing units said system comprising: 
at least one memory comprising: 
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PROPOSED AMENDMENTS TQ THE CLArMfi 
FOR OrSCUSSrON purposes only ■ DO NOT EMTFR 

code that selects, from ttie firewall cluster within the single network, 
one of the firewall nodes for processing a first packet, the selected firewall node 
including a first proooscor processing unit : 

code that receives, at the first processor processing unit , the first 

packet; 

code that modifies, as a function of a multidimensional space for 
representing addresses processed by a set of data pfeesssofs processing units. 
a first address for the first packet into a second address for the first packet, the 
second address being within a range of addresses assigned only to the selected 
firewall node; and 

code that fonwards the first packet based on the second address; 

and 

at least one p r -e c essef processing unit for executing the code. 

31 . (Currently Amended) A system including a firewall cluster within a single 
network including a plurality of firewall nodes, the firewall nodes being associated with 
one or more p Foo e esorc processino units the system comprising: 
at least one memory comprising; 

code that selects, from the firewall cluster within the single network, 
one of the firewall nodes for processing a packet, the selected firewaJI node 
including a first proooctsoF processing unit : 
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code tliat recsives, at the first proGossor processing unit , the 

packet; 

code that reads, at the first proooseor processing unit , an N-tuple 
address of the received packet; 

code that determines whether the N-tuple address is within an N- 
tuple space assigned to the first processor processing unit : 

code that sends the packet with the N-tuple address, when it is 
determined that the N-tuple address Is within the N-tuple space assigned to the 
first prococcor processing unit : and 

code that determines a modified N-tuple address, when it is 
determined that the N-tuple address is not within the N-tuple space assigned to 
the first procossor processing unit and sending the packet based on the modified 
N-tuple address; and 

at least one pfSG ees or processing unit for executing the code. 

32. (Original) The system of claim 31 , wherein code that reads further 
comprises: 

code that reads as the N-tupl© address, a plurality of values from the 
received packet. 
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33. (Original) The system of claim 32, wherein code that reads the plurality of 
values further comprises: 

code that reads at least a source port. 

34. (Currently Amended) The system of claim 31 , wherein code that 
determines whether the N-tuple address is within the N-tuple space, further comprises: 

code that determines whether the N-tuple address Is within the N-tuple 
space based a comparison between the N-tuple address of the packet and the N-tuple 
space assigned to the first procee ee r processlno unit . 

35. (Currently Amended) The system of claim 31 , wherein code that 
detemfilnes whether the N-tuple address is within the N-tuple space, further comprises: 

code that detemiines whether the N-tuple address of the packet is within 
the N-tuple space based a quadrant identifier value, wherein the quadrant identifier 
corresponds to the first prooessor processing unit . 

36. (Original) The system of claim 35 wherein code that determines whether 
the N-tuple address of the packet is within the N-tuple space, further comprises: 

code that determines the quadrant Identifier value based on a hash 

function. 
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37. (Currently Amended) A firewall cluster including a plurality of firewall 

nodes witliin a single network, the firewall nodes being associated with one or mor^ 

^F Qc ee eorG processing units, the firewall cluster comprising: 

at least one memory comprising 

code that selects, from the firewall cluster within the single network, 

one of the firewall nodes for processing a packet, the selected firewall node 

including a first ^P oc es e eF processing unit : 

code that receives, at the first p r - ec ee e of processing unit , the 

packet; 

code that reads, at the first proc ee G ef processing unit , an N-tuple 
address of the received packet; 

code that determines a quadrant identifier based on the read 
N-tuple address, a hash function, and modulo division; 

code that detennlnes whether the read N-tupJe address 
corresponds to the first proooocor processing unit based on the quadrant 
Identifier; 

code that sends the packet with the N-tuple address, when the 
quadrant identifier corresponds to the first proo e ee of processino unit : and 

code that determines a modified N-tuple address, when the 
quadrant identifier does not corresponds to the first procoesor processing unit 
and sends the packet based on the modified N tuple address; and 
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at least one procoDcor prooesainti unit for executing the code, 

38, (Currently Amended) A computer-readable storage medium comprising 
instructions which, when executed by a processor processing unit , perform a method for 
addressing pacl^ets in a firewall cluster within a single network, the firewall cluster 
including a plurality of firewall nodes, the method including: 

selecting one, from the firewall cluster within the single network, of the 
firewall nodes for processing a packet, the selected firewall node being associated with 
a first p roc ess&f arocessInQ unit : 

receiving, at the first prooosoof processino unit , the packet; 

reading, at the first proooe sep processing unit , an N-tuple address of the 
received packet; 

determining whether the N-tuple address is within an N-tuple space 
assigned to the first prooe s s of processing unit : 

sending the packet with the N-tupIe address, when it is determined that 
the N-tuple address is within the N-tuple space assigned to the first prooe eeef 
processing unit : and 

determining a modified N-tupIe address, when it is determined that the 
N-tupl© address is not within the N-tuple space assigned to the first procesBor 
processing unit and sending the packet based on the modified N-tuple address. 



-15- 
PAGE 1S12r RCVD AT 6/16/2009 6:48:23 PM [Eastern Daylight Time] * SW:USPTO{FXRF-5/4^ 



06/16/2009 18:44 



2024084400 



FINNEGAN HENDERSON 



PAGE 19/21 



Application No.: 10/712,396 
Attorney Docl<Gt No.: 08971 .0005-00 




(Currently Amended) The computer-readable storage medium of clair 
reading further comprises: 

reading as the N-tuple address, a plurality of values from the received 



38, wherein 



packet. 



40. (Previously Presented) The computer-readable storage medium of claim 
39, wherein reading the plurality of values further comprises: 

reading at least a source port. 

41 . (Currently Amended) The computer-readable storage medium of claim 
39. wherein determining whether the N~tuple address is within the N-tuple space, further 
comprises: 

determining whether the N-tuple address is within the N-tuple space 
based a comparison between the N-tupIe address of the paoftet and the N-tuple space 
assigned to the first prOGOccor Drocessina unit . 

42. (Currently Amended) The computer-readable storage medium of claim 
39, wherein determining whether the N-tuple address is within the N-tuple space, further 



determining whether the N-tuple address of the packet is within the N- 
tuple space based a quadrant identifier value, wherein the quadrant identifier value 
corresponds to the first procoooo f processing unit . 



comprises: 
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43. (Previously Presented) The computer-readable storage medium of claim 
42, wlierein determining whether the N-tuple address of the pacl^et is within the N-tuple 
space, further comprises; 

determining the quadrant identifier value based on a hash function. 

44. (Currently Amended) A computer-readable storage medium comprising 
instructions which, when executed by a #feeess^ processing unit , perform a method for 
addressing packets in a firewall cluster within a single network, the firewall cluster 
Including a plurality of firewall nodes, the method including: 

selecting, from the firewall cluster within the single network, one of the 
firewall nodes for processing a packet, the selected firewall node Including a first 
proooccor processing unit : 

receiving, at the first prococoor processing unit , the packet; 

reading, at the first ^feeeesof processing unit , an N-tuple address of the 
received packet; 

determining a quadrant identifier based on the read N-tuple address, a 
hash function, and modulo division; 

determining whether the read N-tuple address corresponds to the first 
proGoesor processing unit based on the quadrant identifier; 

sending the packet with the N-tuple address, when the quadrant identifier 
corresponds to the first procoooo F processing urtit : and 
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determining a modified N-tuple address, when the quadrant identifier does 
not corresponds to the first pfOGeesor processing unit and sending the pacltet based on 
the modified N-tuple address. 

45, (Currently Amended) A computer-readable storage medium comprising 
Instructions which, when executed by a proooooor processing unit perform a method for 
addressing packets in a firewall cluster within a single network, the firewall cluster 
including a plurality of firewall nodes, the method including: 

selecting, from the firewall cluster within the singJe network, one of the 
firewall nodes within the single network for processing a first packet, the selected 
firewall node being associated with a first proce Bso r processino unit : 

receiving, at the first proooesor processino unit , the first packet; 
modifying, as a function of a multidimensional space for representing 
addresses processed by a set of data prococcoro processing units , a first address for 
the first packet into a second address for the first packet, the second address being 
within a range of addresses assigned only to the selected firewall node; and 
fonwarding the first packet based on the second address. 
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